Multiple webservers using Nat/Pat

We are using a Cisco 1841 router with Version 12.4.(15)T6.

Here is what I would like to accomplish if possible. We have certain devices that we need to access out of band. We have a local ISP and with this ISP, we get one routable address. I currently have Nat overload configured on the router and so far everything we have tried to do has worked without flaw.

Re: Multiple webservers using Nat/Pat

Dwane, you used the route map config with port 23? I ask because I don't think your config would work without it since the traffic you want to isolate by port would be caught by the more inclusive access permitting the entire subnet. Also, did you account for the additional ports in your access list on the outside interface?

Multiple webservers using Nat/Pat

Thank you for the replies.

I do not have an option to configure the http TCP port. I have to web in using http://x.x.x.x:8081 and have it forward to 192.168.x.x:80 and also be able to web into http://x.x.x.x:8082 and have it forward to 192.168.x.y:80

I think we are all on the proper track, but is there an absolute way to configure this task?

Re: Multiple webservers using Nat/Pat

where 10.10.10.10 represents our external ISP address we are trying to use. 10.50.10.10 represents the IP address from which I am attempting the 10.10.10.10:8081 request. So it does see it hitting the address. I can ping the 192.168.1.200 from the router.

Any other ideas or can I debug maybe the IP nat to see what is taking place? I am stuck on this one. It should work.

Re: Multiple webservers using Nat/Pat

I don't think that will work. I think the issue is the direction of the flow. From inside to outside what I suggested would work, but you'd have to initiate the connection from the inside, not practical. There is a "reversible" keyword that can be added to an ip nat inside command, e.g.

that allows the connection to be initiated from the outside and have the NAT applied as configured when the internal host responds. However, this doesn't appear to be an option in your setup because of your limitation in having only one public address available. Try this

ip nat outside source static tcp 1.1.1.1 8081 192.168.1.200 80

where 1.1.1.1 is the public IP address being used by your router

Then use your

ip nat inside source list 102 interface FastEthernet0/0 overload

access-list 102 permit ip 192.168.1.0 0.0.0.255 any

With the port forwarding setup on the outside interface, you may not need to exclude the inside to outside translation of the resources you're trying to make accessible publicly as I initially suggested.
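
For reference, an added example that is not part of any post in this thread: one common IOS way to publish two inside web servers on different public ports of a single address is static PAT on the inside source, with the outside ACL limited to the ports and client that need access. The second server address (192.168.1.201), the inside interface (FastEthernet0/1) and the ACL name OUTSIDE-IN are assumptions; 1.1.1.1, 192.168.1.200, 10.50.10.10 and list 102 are the values used in the thread.

```cisco
! Added example; addresses are the thread's placeholders or assumptions.
! 1.1.1.1         = router public address (placeholder from the thread)
! 192.168.1.200   = first web server (from the thread)
! 192.168.1.201   = second web server (assumed)
! FastEthernet0/0 = outside interface; FastEthernet0/1 = inside (assumed)
!
interface FastEthernet0/0
 ip nat outside
interface FastEthernet0/1
 ip nat inside
!
! Static PAT: public TCP 8081 and 8082 map to port 80 on each server.
ip nat inside source static tcp 192.168.1.200 80 interface FastEthernet0/0 8081
ip nat inside source static tcp 192.168.1.201 80 interface FastEthernet0/0 8082
!
! Existing overload for outbound traffic from the inside subnet.
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 102 interface FastEthernet0/0 overload
!
! An inbound ACL on the outside interface is evaluated before NAT, so
! it must match the public address and the public ports, not port 80.
! OUTSIDE-IN is a hypothetical name for the ACL already applied there;
! these entries have to sit above any deny entry in that list.
! Only the known management client is permitted, not "any".
ip access-list extended OUTSIDE-IN
 permit tcp host 10.50.10.10 host 1.1.1.1 eq 8081
 permit tcp host 10.50.10.10 host 1.1.1.1 eq 8082
!
! Verify from the router while making a test request:
!   show ip nat translations
!   debug ip nat
```

Both forwarded services are plain HTTP, so keeping the permitted sources as narrow as possible matters more than the non-standard port numbers.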
